Detection of a loophole in Apple Mail encryption protocols that allows message theft

Detection of a loophole in Apple Mail encryption protocols that allows message theft
Detection of a loophole in Apple Mail encryption protocols that allows message theft

Even if you use an encryption-based e-mail service, this does not make you completely safe. A group of European academic researchers have discovered a gap in two of the most famous encryption protocols used by many companies, including Apple, in its service of Apple Mail.

The vulnerability allows attackers to inject malicious code into e-mail messages even though the server uses a cryptographic protocol that prevents these actions. This attack can steal the entire e-mail content of the victim.

In detail, the PGP and S / MIME protocols are affected by the gap, among the services that Apple Mail uses and the email app on iOS as well as Thunderbird and Enigmail.

Through this vulnerability, attackers can intercept certain e-mail messages, modify their content, add malicious HTML code before they reach the recipient, and when the recipient opens the e-mail, the attack starts immediately.

According to Sebastian Schinzel, professor of computer security at M√ľnster University who is involved in the search for the vulnerability, there are currently no security updates for this vulnerability.

Source

No comments:

Powered by Blogger.